﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using MySql.Data.MySqlClient;
using System.Web.Security;
using AdministrationWeb;

namespace AdministrationWeb.Account
{
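    public partial class Login : System.Web.UI.Page
    {
        /// <summary>Name of the connection string (from configuration) used to reach the users table.</summary>
        private const string CONNECTION_STRING_NAME = "ApplicationConnectionString";

        /// <summary>Places the cursor in the user-name box when the page loads.</summary>
        protected void Page_Load(object sender, EventArgs e)
        {
            tbUserName.Focus();
        }

        /// <summary>
        /// Handles the login button: validates the input, looks the user up, verifies the
        /// password and the administrator permission flag, and on success stores the user's
        /// details in the session and redirects through Forms Authentication.
        /// </summary>
        /// <remarks>
        /// The same "Invalid username or password." message is shown for an unknown user, a
        /// wrong password and a non-administrator account, so the page does not reveal which
        /// user names exist.
        /// </remarks>
        protected void btnSubmit_Click(object sender, EventArgs e)
        {
            string userName = tbUserName.Text;
            string password = tbPassword.Text;

            // Reject obviously invalid input before touching the database.
            if (userName.Length <= 3 || password == "")
            {
                lblError.Text = "Invalid username or password.";
                return;
            }

            bool authenticated;
            try
            {
                authenticated = TryAuthenticate(userName, password);
            }
            catch (Exception)
            {
                // NOTE: this also hides any failure raised inside HashData, not only
                // connection/query errors; the message is kept as the author wrote it.
                lblError.Text = "Can't connect to the database";
                return;
            }

            if (!authenticated)
            {
                lblError.Text = "Invalid username or password.";
                return;
            }

            lblError.Text = "Login Successful";

            // Kept outside the try block: RedirectFromLoginPage ends the response by raising a
            // ThreadAbortException, which the catch-all above would otherwise intercept.
            FormsAuthentication.RedirectFromLoginPage(userName, false);
        }

        /// <summary>
        /// Looks up <paramref name="userName"/> and verifies <paramref name="password"/> against
        /// the stored hash; on success populates <c>MySession.Current</c> with the user's id,
        /// permission, first/last name and e-mail address.
        /// </summary>
        /// <param name="userName">User name as typed into the form.</param>
        /// <param name="password">Clear-text password as typed into the form.</param>
        /// <returns>
        /// <c>true</c> only when a row matches, <c>HashData.IsValidPassword</c> accepts the stored
        /// hash, and the account's permission column is "A".
        /// </returns>
        /// <exception cref="MySqlException">When the connection cannot be opened or the query fails.</exception>
        private bool TryAuthenticate(string userName, string password)
        {
            // Parameterised query: the user-supplied values never become part of the SQL text.
            const string lookupUserSQL = "SELECT user_id, username, password, permission, first_name, last_name, email "
                + "FROM users "
                + "WHERE username=?username AND password=?password";

            string connectionString =
                System.Configuration.ConfigurationManager.ConnectionStrings[CONNECTION_STRING_NAME].ConnectionString;

            // Connection, command and reader are all disposed on every exit path, including exceptions.
            using (MySqlConnection conn = new MySqlConnection(connectionString))
            using (MySqlCommand command = new MySqlCommand(lookupUserSQL, conn))
            {
                command.Parameters.AddWithValue("?username", userName);
                // The WHERE clause compares against HashData.HashLogin's output; the hashing
                // scheme itself lives in HashData and is not visible here.
                command.Parameters.AddWithValue("?password", HashData.HashLogin(userName, password));

                conn.Open();
                using (MySqlDataReader reader = command.ExecuteReader())
                {
                    if (!reader.Read())
                    {
                        return false;
                    }

                    // Second, independent check of the stored hash, plus the admin-only gate.
                    bool passwordOk = HashData.IsValidPassword(userName, password, reader.GetString("password"));
                    if (!passwordOk || reader.GetString("permission") != "A")
                    {
                        return false;
                    }

                    MySession.Current.userUserID = reader.GetInt32("user_id");
                    MySession.Current.userPermission = reader.GetChar("permission");
                    MySession.Current.userFirstName = reader.GetString("first_name");
                    MySession.Current.userLastName = reader.GetString("last_name");
                    MySession.Current.userEmailAddress = reader.GetString("email");
                    return true;
                }
            }
        }
    }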
}